Re: eBay phishing - phishers are getting better

From: Ivaylo Zashev (zashev_at_gmail.com)
Date: 07/23/05

  • Next message: walter.sobchak_at_hushmail.com: "Thomson Web Skill Vantage Manager"
    Date: Sat, 23 Jul 2005 20:54:55 +0300
    To: John Gateley <gateley@jriver.com>
    
    

    Hello ,

    You're not the only one getting this...
    Spammers are using some tools to extract only the ebay mails from
    certain email lists they manage to get ..then using those emails they
    are able to get the ebay username that belongs to the ebay mail , i
    believe eBay fixed this ..so most likely they got your username some
    time ago.

    regards,
    Ivaylo Zashev
    http://exploits.cx Security Center

    On 7/21/05, John Gateley <gateley@jriver.com> wrote:
    > I just got another phishing scam (targeting eBay).
    >
    > The twist is that the subject line included my eBay username,
    > and it was sent to my eBay e-mail address. The Phishers have
    > figured out how to get one from the other, I don't know how.
    >
    > I sent it on to eBay but just got a standard form letter
    > back.
    >
    > Is this happening to anyone else? Anyone know how they
    > were able to figure out my e-mail from user name (or
    > vice versa)?
    >
    > j
    >
    > text, with relevant portions removed:
    >
    > Return-Path: <apache@www.nec.com.hk>
    > Delivered-To: xxxx@xxxx.xxxx.org
    > Received: (qmail 15267 invoked by alias); 21 Jul 2005 17:05:07 -0000
    > Delivered-To: xxxx@xxxx.org
    > Received: (qmail 15264 invoked from network); 21 Jul 2005 17:05:07 -0000
    > Received: from unknown (HELO localhost.localdomain) (203.194.209.141)
    > by xxxx.xxxx.com with SMTP; 21 Jul 2005 17:05:07 -0000
    > Received: from www.nec.com.hk (www.nec.com.hk [127.0.0.1] (may be forged))
    > by localhost.localdomain (8.13.1/8.13.1) with ESMTP id j6LIL8VB001107
    > for <xxxx@xxxx.org>; Fri, 22 Jul 2005 02:21:08 +0800
    > Received: (from apache@localhost)
    > by www.nec.com.hk (8.13.1/8.13.1/Submit) id j6LIL7MX001106;
    > Fri, 22 Jul 2005 02:21:07 +0800
    > Date: Fri, 22 Jul 2005 02:21:07 +0800
    > Message-Id: <200507211821.j6LIL7MX001106@www.nec.com.hk>
    > From: "eBay" <aw-confirm@ebay.com>
    > Reply-to: 6884-lbpl-4t94@noreplay.ebay.com
    > Subject: Notification of Limited Account Access for xxxx
    > To: xxxx@xxxx.org
    > Content-type: text/html
    >
    > <html>
    > <style type="text/css">
    > <!--
    > .style3 {color: #FFFFFF}
    > -->
    > </style>
    >
    > <body>
    > <table border="0" width="100%">
    > <tr>
    > <td width="15%" align="left">To:</td>
    > <td>xxxx</td>
    > </tr>
    > <tr>
    > <td width="15%" align="left">From:</td>
    > <td>eBay<span class="style3">( codeID=2574-h04b-ug97)</span></td>
    > </tr>
    > <tr>
    > <td width="15%" align="left">Subject:</td>
    > <td>Notification of Limited Account Access for xxxx<span class="style3"> x route </span></td>
    > </tr>
    > <tr>
    > <td colspan="2">------------------------------------------------------------</td>
    > </tr>
    > <tr>
    > <td colspan="2"><table cellpadding="2" cellspacing="0" border="0" style="border: #e0e0e0 1px solid;" width="100%">
    > <tr>
    > <td><p class="V1Gray"><img alt="The World's Online Marketplace" src="http://battellemedia.com/images/ebayLogo-tm.jpg" border=0></p>
    > <p class="V1Gray">eBay sent this message to xxxx (xxxx@xxxx.org
    > ).<br>
    > </p></td>
    > </tr>
    > </table>
    > <table cellSpacing="0" cellPadding="0" width="100%" align="center" border="0">
    > <tbody>
    > <tr>
    > <td bgColor="#9999cc" width="1"><img height="1" src="http://pics.ebaystatic.com/aw/pics/s.gif"></td>
    > <td>
    > <table cellSpacing="0" cellPadding="0" width="100%" align="center" border="0">
    > <tbody>
    > <tr bgColor="#9999cc" height="26">
    > <td> <span class="A3B" style="color:white;">Welcome to My Messages</span></td>
    > </tr>
    > <tr>
    > <td>
    > <table cellSpacing="0" cellPadding="5" width="100%" bgColor="white" border="0">
    > <tbody>
    > <tr>
    > <td colSpan="6" bgcolor="#FFFFFF"><img src="http://pics.ebaystatic.com/aw/pics/myMessages/note_570x30.gif" alt=" " border="0">
    > <p>
    > Dear <span class="V1Gray"> xxxx&nbsp;(xxxx@xxxx.org
    > ),</span></p>
    > <p>
    > This e-mail is the notification of recent innovations taken by eBay to detect inactive customers and
    >
    >
    > non-functioning billing process.<br>
    > The inactive customers are subject to restriction and removal in the next 3 days. <br>
    > You must click the link to complete the process.</p>
    > <p><a href="http://signin.ebay.com.aw-cgi2.com/eBayISAPI.dll?VerifyID&PlaceInfo&LogUID=xxxx;UserRoute=2574-h04b-ug97">http://signin.ebay.com/eBayISAPI.dll?Signln&amp;UserIDmail=xxxx@xxxx.org
    > </a> <span class="style3"> =
    >
    >
    > type=state&amp;param=xxxx-2574-h04b-ug97</span></p>
    > <p align="left">(To complete the verification process you must fill in all the required fields)</p>
    > <p> Notice: Refusal to cooperate in an investigation or provide confirmation of identity when requested are subject to restriction and removal in the next 3 days </p>
    > <p>Regards,<br>
    > Customer Support (Trust and Safety Department), <span class="style3"> </span></p></td>
    > </tr>
    > <tr>
    > <td height="10"></td>
    > </tr>
    > </tbody>
    > </table>
    > </td>
    > </tr>
    > <tr>
    > <td width="100%" bgColor="#9999cc"><img height="1" src="http://pics.ebaystatic.com/aw/pics/s.gif" width="1"></td>
    > </tr>
    > </tbody>
    > </table>
    > </td>
    > <td bgColor="#9999cc" width="1"><img height="1" src="http://pics.ebaystatic.com/aw/pics/s.gif" width="1"></td>
    > </tr>
    > </tbody>
    > </table>
    > <hr size="1"></td>
    > </tr>
    > </table>
    > </body>
    > </html>
    >
    >
    > --
    > Public key at http://www.jriver.com/~gateley
    >
    >
    >


  • Next message: walter.sobchak_at_hushmail.com: "Thomson Web Skill Vantage Manager"

    Relevant Pages

    • Re: Has there ever been a court case over eBay feedback?
      ... maintain that there's no public record of a lawsuit having existed ... I have a little experience with eBay and lawyers, ... violated eBay policy against selling email lists. ...
      (alt.marketing.online.ebay)
    • Re: someone must be on holiday
      ... >> The Mullen invades eBay'. ... >> it pretty easy to deduce what his eBay username was. ... > ASL continued posting after the Mulltard buggered off. ...
      (uk.media.tv.misc)
    • Re: someone must be on holiday
      ... > The Mullen invades eBay'. ... > it pretty easy to deduce what his eBay username was. ... ASL continued posting after the Mulltard buggered off. ...
      (uk.media.tv.misc)
    • Re: View Negative Feedback Only ??
      ... Displays all the Negative Feedback an eBay user has received via right-click or Tools menu. ... Highlight an Ebay username link with your mouse on any Ebay page, then "right click" and select Ebay Negs 3. ...
      (alt.marketing.online.ebay)
    • Re: someone must be on holiday
      ... > Mullen invades eBay'. ... > pretty easy to deduce what his eBay username was. ... oh bugger.. ...
      (uk.media.tv.misc)